Details
- Reviewers
machniak - Group Reviewers
Restricted Project - Commits
- rK13e8105dff61: Proxy authorization for irony/syncroton
rK2a3239513437: Proxy authorization for irony/syncroton
rK4070f33fc302: Proxy authorization for irony/syncroton
rK73325057d86d: Proxy authorization for irony/syncroton
rK7aff3857cf77: Proxy authorization for irony/syncroton
rK36aa796fd9c9: Proxy authorization for irony/syncroton
rK09e6cafcdc3f: Proxy authorization for irony/syncroton
rK7ca46009b79c: Proxy authorization for irony/syncroton
rKa3d763847039: Proxy authorization for irony/syncroton
rK1e8ed186d06e: Proxy authorization for irony/syncroton
rKf417d23a6d0e: Proxy authorization for irony/syncroton
rK41cc45321046: Proxy authorization for irony/syncroton
rKb57b61395a8f: Proxy authorization for irony/syncroton
rK1baf0e582456: Proxy authorization for irony/syncroton
rK0d27850b98a6: Proxy authorization for irony/syncroton
rKf11605cff546: Proxy authorization for irony/syncroton
rKb50e8b0b2bae: Proxy authorization for irony/syncroton
rKe3a5167adae5: Proxy authorization for irony/syncroton
rK62db54a23fe2: Proxy authorization for irony/syncroton
rK054a3fbf5378: Proxy authorization for irony/syncroton
Diff Detail
- Repository
- rK kolab
- Branch
- dev/mollekopf
- Lint
No Lint Coverage - Unit
No Test Coverage - Build Status
Buildable 36956 Build 14723: arc lint + arc unit
Event Timeline
Aren't we authenticate the user two times this way? Once in nginx and once in syncroton/iRony? Should we have an option in syncroton/iRony to disable authentication?
docker/proxy/rootfs/etc/nginx/nginx.conf | ||
---|---|---|
112 | Looking at syncroton code all requests are being authenticated. | |
src/app/Http/Controllers/API/V4/NGINXController.php | ||
33 | For activesync we have to support user\domain syntax. https://git.kolab.org/diffusion/S/browse/master/lib/kolab_sync.php$123 |
Yes we are authenticating twice. I don't think we should change that (just like we don't for imap).
Ultimately we should plug in our 2fa capable authentication in saslauthd, at which point we no longer require this nginx variant, and in the meantime I don't think we need to introduce further options for what doesn't seem really problematic anyways.
src/app/Http/Controllers/API/V4/NGINXController.php | ||
---|---|---|
13 | $e is redundant here. And I'd put @throws after @return. Also, please add @params. | |
109 | I'd make it a single Log::debug() call, like in byebye(). | |
115 | Well, we already log the request headers above. So, this debug line looks redundant. | |
127 | I'm not sure, but I'm wondering whether for cases like this (and 401 above) we should use byebye() method, of course extended to handle all cases, but it would be some unification on the code level (debug logging). | |
166 | I'd make it a single Log::debug() call, like in byebye(). | |
src/tests/Feature/Controller/NGINXTest.php | ||
229 | I'd rather use ned@kolab.org who has 2FA configured already. It will not require to unset the setting for john afterwards. |
src/app/Http/Controllers/API/V4/NGINXController.php | ||
---|---|---|
115 | I think it makes sense to have an explicit message given we stop processing at this point, but the message could be better indeed. | |
127 | I don't think that would help at the moment. The byebye method only works for the imap/smtp responses which uses headers, and the httpauth module uses the http status code instead. While we could introduce a similar method to combine status code + debug message, it doesn't seem to really improve the situation to me (two lines of code vs 1 line + a function). | |
src/tests/Feature/Controller/NGINXTest.php | ||
229 | Personally I think using the same user is clearer, as this makes explicit that we simply test the same situation with a different setting. I don't particularly mind changing to ned@kolab.org, but note that I can't currently remove resetting the settings, since we also change other settings and I'm resetting in tearDown. So unless it's really worth it to avoid setting the settings one to many times, I'd leave it as is. |